<?php
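// Links a bank-account ("BA") login to the profile identified by ?uid=...:
// checks the posted account name/password against user_info, and on a single
// match records the link, adds a history row and switches the billing method.
// The browser is always redirected back to the profile page afterwards.
//
// NOTE(review): the database credentials below are hard-coded in source. They
// should be loaded from configuration kept outside the repository/web root,
// and the password rotated, since anyone with read access to this file has it.
$host = "db.seng.uvic.ca"; // Host name
$username = "se321g01"; // Mysql username
$password = "un8bi2YM"; // Mysql password
$db_name = "se321g01"; // Database name
$tbl_name = "user_info"; // Table name

// Connect to server and select database.
// NOTE(review): the mysql_* extension is deprecated and removed in PHP 7;
// migrating to PDO or mysqli with prepared statements is the durable fix.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// Account name and password sent from the form, plus the target profile id.
// Only plain strings are accepted: a missing field or an array-valued field
// (e.g. txtPassword[]=x) is treated as "no credentials supplied".
$myusername = (isset($_POST['txtAccountName']) && is_string($_POST['txtAccountName']))
    ? $_POST['txtAccountName'] : null;
$mypassword = (isset($_POST['txtPassword']) && is_string($_POST['txtPassword']))
    ? $_POST['txtPassword'] : null;
$uid = (isset($_GET['uid']) && is_string($_GET['uid'])) ? $_GET['uid'] : '';

// NOTE(review): $uid comes straight from the query string and is never
// compared with the logged-in user, so nothing visible here stops a request
// from naming another user's uid. Confirm that a session check exists
// elsewhere, or take the uid from the session instead.
// NOTE(review): this is a state-changing POST with no visible anti-CSRF token.

if ($myusername !== null && $mypassword !== null && $uid !== '') {
    // Request values are escaped before they are placed inside quoted SQL
    // literals; the original interpolated them raw, allowing SQL injection.
    $safe_name = mysql_real_escape_string($myusername);
    $safe_pass = mysql_real_escape_string($mypassword);
    $safe_uid = mysql_real_escape_string($uid);

    // NOTE(review): the password is compared (and below, stored) in plaintext.
    // It should be stored as a password_hash() value and checked with
    // password_verify(); that needs a schema/data migration outside this file.
    $sql = "SELECT * FROM $tbl_name WHERE ba_name='$safe_name' and ba_passwd='$safe_pass'";
    $result = mysql_query($sql);

    // mysql_query() returns false on failure; count rows only on a real result.
    $count = ($result !== false) ? mysql_num_rows($result) : 0;

    // A valid account name/password pair must match exactly one row.
    if ($count === 1) {
        // NOTE(review): the SELECT above reads column ba_passwd while this
        // UPDATE writes ba_password -- one of the two names is probably wrong;
        // verify against the user_info schema.
        // NOTE(review): the three writes are not wrapped in a transaction, so
        // a failure part-way leaves the records inconsistent.
        $statements = array(
            // Record the linked account on the profile.
            "UPDATE user_info SET ba_name = '$safe_name', ba_password = '$safe_pass', ba = '1' WHERE uid = '$safe_uid'",
            // Add user history.
            "INSERT INTO user_history (day_stamp, points, item, uid) VALUES
(CURDATE(), '0', 'Linked to $safe_name', '$safe_uid')",
            // Update billing info.
            "UPDATE billing_info SET payment_method = 'BA' WHERE uid = '$safe_uid'",
        );

        foreach ($statements as $statement) {
            // Stay best-effort like the original, but leave a trace on failure.
            if (mysql_query($statement) === false) {
                error_log("account link query failed: " . mysql_error());
            }
        }
    }
}

// Go back to profile. The uid is URL-encoded so it cannot add extra query
// parameters or break the header, and the script stops right after it.
header("location:./profile.php?uid=" . urlencode($uid) . "&tab=4");
exit;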

?>
